CVE-2021-32424
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router.
En TrendNet TW100-S4W1CA versión 2.3.32, debido a una falta de controles de sesión apropiados, un actor de amenazas podría hacer cambios no autorizados en un router afectado por medio de una página web especialmente diseñada. Si un usuario autenticado interactúa con una página web maliciosa, podría permitir tomar el control completo del router
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-07 CVE Reserved
- 2021-06-17 CVE Published
- 2024-03-02 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Galapag0s/Trendnet_TW100-S4W1CA/blob/main/writeup_CSRF.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trendnet Search vendor "Trendnet" | Tw100-s4w1ca Firmware Search vendor "Trendnet" for product "Tw100-s4w1ca Firmware" | 2.3.32 Search vendor "Trendnet" for product "Tw100-s4w1ca Firmware" and version "2.3.32" | - |
Affected
| in | Trendnet Search vendor "Trendnet" | Tw100-s4w1ca Search vendor "Trendnet" for product "Tw100-s4w1ca" | - | - |
Safe
|